Bug 1199132 – VUL-0: CVE-2022-29824: libxml2, libxml2-python, python-libxml2-python: integer overflow leading to out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*)

Bug 1199132 - (CVE-2022-29824) VUL-0: CVE-2022-29824: libxml2, libxml2-python, python-libxml2-python: integer overflow leading to out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*)

(CVE-2022-29824)
Summary:	VUL-0: CVE-2022-29824: libxml2, libxml2-python, python-libxml2-python: intege...

Status:	IN_PROGRESS

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/330533/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-29824:7.8:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-05-03 07:03 UTC by Thomas Leroy
Modified:	2022-07-26 16:16 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Leroy 2022-05-03 07:03:24 UTC

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

References:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
https://gitlab.gnome.org/GNOME/libxslt/-/tags

Comment 1 Thomas Leroy 2022-05-03 16:00:37 UTC

I think we have the following affected:
	
- SUSE:SLE-11-SP1:Update/libxml2
- SUSE:SLE-12-SP2:Update/libxml2
- SUSE:SLE-15:Update/libxml2
- SUSE:SLE-15-SP4:Update/libxml2

- SUSE:SLE-11-SP1:Update/libxml2-python

- SUSE:SLE-15:Update/python-libxml2-python

Comment 3 David Anes 2022-05-05 09:32:33 UTC

(In reply to Thomas Leroy from comment #1)
> I think we have the following affected:
> 	
> - SUSE:SLE-11-SP1:Update/libxml2
> - SUSE:SLE-12-SP2:Update/libxml2
> - SUSE:SLE-15:Update/libxml2
> - SUSE:SLE-15-SP4:Update/libxml2
> 
> - SUSE:SLE-11-SP1:Update/libxml2-python
> 
> - SUSE:SLE-15:Update/python-libxml2-python

I think everything is done now, but... Do I need to patch the libxml2-python and python-libxml2-python separately, as they are provided by libxml2 package?

Comment 4 Marcus Meissner 2022-05-05 09:39:46 UTC

no, they are in the same sources. libxml2 is the primary source, only this needs fixes.

Comment 5 David Anes 2022-05-05 09:48:00 UTC

(In reply to Marcus Meissner from comment #4)
> no, they are in the same sources. libxml2 is the primary source, only this
> needs fixes.

Ok, then we are all set. Thanks for the clarification, Marcus.

I'll assign this one back to security once I start seeing the updates popping here as comments.

Comment 7 Swamp Workflow Management 2022-05-19 19:18:04 UTC

SUSE-SU-2022:1750-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1196490,1199132
CVE References: CVE-2022-23308,CVE-2022-29824
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    python-libxml2-python-2.9.7-150000.3.46.1
openSUSE Leap 15.3 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Manager Server 4.1 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Manager Retail Branch Server 4.1 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Manager Proxy 4.1 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server for SAP 15 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server 15-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Module for Python2 15-SP3 (src):    python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Micro 5.2 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Micro 5.1 (src):    libxml2-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Enterprise Storage 7 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Enterprise Storage 6 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE CaaS Platform 4.0 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Swamp Workflow Management 2022-05-24 19:15:06 UTC

SUSE-SU-2022:1833-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1069689,1199132
CVE References: CVE-2017-16932,CVE-2022-29824
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE OpenStack Cloud Crowbar 8 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE OpenStack Cloud 9 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE OpenStack Cloud 8 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server 12-SP5 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server 12-SP3-BCL (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
HPE Helion Openstack 8 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Swamp Workflow Management 2022-07-26 16:16:31 UTC

SUSE-SU-2022:2552-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1196490,1199132
CVE References: CVE-2022-23308,CVE-2022-29824
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    libxml2-2.9.14-150400.5.7.1, libxml2-python-2.9.14-150400.5.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    libxml2-2.9.14-150400.5.7.1, libxml2-python-2.9.14-150400.5.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.